Linux Security: Working with IP sets and iptables

IP Sets can facilitate the management of a complex firewall ruleset. This exercise refreshes basic skills with the iptables command and begins developing an understanding of working with IP Sets. 

Create a new IP set called ‘clienthosts’ that contains the IP and port combinations for each client server. Be sure the ipset is configured to persist across a reboot.

Run the following commands:

  • ipset create clienthosts hash:ip,port
  • ipset add clienthosts 10.0.1.100,80
  • ipset add clienthosts 10.0.1.200,80
  • ipset save clienthosts > /etc/sysconfig/ipset

Add a new rule to the INPUT chain that accepts traffic whose source IP and destination port match an entry in the ‘clienthosts’ set. The rule should persist across a reboot.

Run the following commands:

  • iptables -I INPUT -m set --match-set clienthosts src,dst -j ACCEPT
  • iptables-save > /etc/sysconfig/iptables
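The two steps above combined into one re-runnable script, as an added example that is not part of the original post: it validates each ip,port entry before it reaches the kernel, renders the set in ipset restore syntax, inserts the INPUT rule only when iptables -C reports it missing, and assumes the RHEL/CentOS file paths used above. The sample entries are constructed.

```shell
#!/bin/sh
# Added example: the page's steps made idempotent and validated. Rendering the
# files is pure text; the live kernel state is only touched by "apply" (as root).
SET_NAME="clienthosts"
RULE="-m set --match-set $SET_NAME src,dst -j ACCEPT"
# Constructed sample entries (source IP,destination port); replace with real hosts.
ENTRIES="10.0.1.100,80
10.0.1.200,80"

# Accept only "dotted-quad IPv4,port" with each octet <= 255 and port 1-65535.
validate_entry() {
  ip=${1%,*}; port=${1#*,}
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  echo "$ip" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Emit the set in the syntax "ipset restore" reads (protocol defaults to tcp,
# as in the page's "ipset add" lines), refusing to emit a malformed entry.
render_ipset() {
  printf 'create %s hash:ip,port family inet\n' "$SET_NAME"
  printf '%s\n' "$ENTRIES" | while IFS= read -r e; do
    [ -n "$e" ] || continue
    validate_entry "$e" || { echo "rejected entry: $e" >&2; return 1; }
    printf 'add %s %s\n' "$SET_NAME" "$e"
  done
}

# Load the set (-exist makes re-runs harmless), insert the INPUT rule only if it
# is not already present, then persist both. "ipset save" with no set name writes
# every set; the page's "ipset save clienthosts" keeps only that one set.
apply_rules() {
  render_ipset | ipset -exist restore || return 1
  iptables -C INPUT $RULE 2>/dev/null || iptables -I INPUT $RULE
  ipset save > /etc/sysconfig/ipset
  iptables-save > /etc/sysconfig/iptables
}

if [ "${1:-}" = apply ]; then apply_rules; fi
```

Run it without arguments to see nothing happen, pipe `render_ipset` output to a file to inspect the set definition, and run `sh clienthosts.sh apply` as root to load and persist it.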
